WoSign Tools

Faked Apple email induced to steal user’s Apple ID

2016-05-04

Receiving an email from Apple customer service today which claimed the Apple ID has been disabled and verification was needed, the author clicked on the link without hesitation to enter the login page of Apple account.

The author sensed that something was wrong before finishing the account number. Neither the address bar turned green nor there was a security lock. How can Apple not install SSL certificate?

This site turned out to be a phishing site after the author copied the link and carefully checked. Your Apple ID will be stolen once you enter your account number and password on this page.

How serious can the consequence be of Apple ID being stolen?

Many people will not take it seriously for the frequently-happening phishing mails. How serious can the consequences be of Apple ID being stolen?

1) Leak of account privacy

Apple devices are closely connected with Apple ID, which is usually used in three stores (App Store, iTunes Store, Apple Store online) and four services (Apple Music, iCloud, iMessage, FaceTime). It can also be used in many other ways such as Game Center, Apple Support Community, Find My Friend and Find My iPhone. Apple ID is bound to iCloud, which means your photo stream, address list, text message, memo and even the data in your “key string” are possible to be leaked. The nude picture scandal of Hollywood was caused by iCloud account leak.

2) Apple device being locked maliciously

Lawbreakers will firstly modify the main mailbox of your Apple ID and then log in your iCloud account to remotely lock your device and erase everything on your phone using the function of Find My iPhone after obtaining your Apple ID. It will be way too late when you realize your Apple ID is stolen for you will not be able to get your Apple ID back using the main mailbox even if you have gained the password of the stolen mailbox. The main mailbox of your Apple ID has been already changed into the one the lawbreakers designate as well as password, security questions and the answers.

Normally, you will have to verify the security prompt before conducting the operation if you want to modify your security questions even the two-step verification is enabled. But it takes less trouble when you want to modify your Apple ID. All you need to know is the password. Any operations later will no longer be sent to your former mailbox, but to the lawbreaker’s modified mailbox.

When the device bound to your Apple ID is remotely locked using the function of Find My iPhone by the lawbreakers, your iPhone can no longer be used, turning into a brick. You don’t have any other options than looking for solutions to unlock your device when it is locked by other people with yourself holding it right in front of your eyes. If your Apple ID is bound to multiple Apple devices, then all of them are in the hands of lawbreakers. It is undoubtedly you really want to rescue your devices. Taking advantage of this kind of state of mind, lawbreakers sent text message and email to you, hoping to get in touch with you and blackmail you for money if you want your Apple ID back.

How to distinguish the phishing mail faking Apple?

There are many ways to steal Apple ID. The one that is most easily for users to fall for is the combination of phishing mail and phishing website. For lawbreakers, it brings higher success rate with lower cost. This article introduces several methods of distinguishing phishing site and email, combined with the official guidance of Apple and based on identification method of SSL certificate.

1) Find out the real sender

In the case of this article, the sender is Apple Support. However, you will find it a fake Apple domain if you carefully check the sender’s address. The top domain of it is ssl.com rather than apple.com. It is not so easy for users to distinguish between the true and the false when the order of the domain is switched.

2) Beware of the links in the email

In the case of this article, the link is text hyperlink. User cannot see the situation of the real link. We recommend you to copy the link to a text and check the real domain of it.

3) Check SSL certificate of the website

The two methods above need users to be really careful and have certain knowledge of domain setting regulations. Therefore, most users find these methods very hard and directly open the link just like the author. This method is the one we would like to focus, that is to tell whether this website is legal through SSL certificate.

At present, most large-scale internet sites have applied SSL certificate to realize HTTPS encryption and server identity certification so that users can easily distinguish whether it is authentic. Websites using SSL certificate will have striking identifications to allow users to find out the authenticity and legality of this website.

Take the official website of Apple as an example. It realizes the full-site HTTPS encryption using the highest identity certification EV SSL certificate. When users access to this website, they can see the address starts with HTTPS and the address bar is green. There is a security lock in status bar as well as the name of this company. Whether it’s true or false will be clear at a glance when we know about all these characteristics of legal websites, comparing to phishing sites.

Conclusion

Phishing fraud has formed a mature black industry chain. It has become a trap we come across every day in our life. Except for letting users heighten their vigilance and learn to distinguish phishing site, we hope more websites can start to use SSL certificate and build a more trustful internet environment.

WoSign CA is an authoritative CA that has passed the international certification of WebTrust and gained the license of the Ministry of Industry and Information Technology. WoSign SSL certificate supports all browsers and mobile terminals, providing products and services for more than 180 countries and regions worldwide. According to Netcraft, WoSign SSL certificate ranks first in Chinese SSL certificate market.